Generally, an attacker on a network starts an attack from gathering information of a target device. In an example, an attacker first uses an approach to gather software and/or hardware information about a device. Based on the gathered information, the attacker determines weakness of the device, and further determines an intrusion technique to use the weakness to gain unauthorized access to the device.